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The MAILING DATE of this communication appears on the cover sheet with the correspondence address • 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
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- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 1 33). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)^ Responsive to communication(s) filed on 12 September 2001 . 
2a)D This action is FINAL. 2b)[3 This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 1 1 , 453 O.G. 213. 
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Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 
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DETAILED ACTION 

This Office Action is in response to a communication made on September 12, 

2001. 

The Foreign Priority Documents were received on September 12, 2001. 
The Information Disclosure Statement was received on September 12, 2001 and 
has been considered. 

The Change of Address was received on December 22, 2004. 

Claims 1-6 have been cancelled. 

Claims 7-14 are pending in this application. 

Claim Rejections - 35 USC §112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 7-14 rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

In claims 7 and 14, the claim states that the client application is connected 
directly with a first port of a server application, but later claims that the messages are 
passed from the client network to the server network though a network layer gateway. It 
is not clear how the messages are connected directly from the client application to the 
server application, while traveling through a gateway. 

Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claim 7-14 are rejected under 35 U.S.C. 102(b) as being anticipated by 
Winiger (5845068). 

Regarding claim 7, Winiger teaches a method for allowing a client application to 
establish, in a client network, a first connection having a first security level, directly with 
a first port of a server application hosted in a server machine linked to a server network 
(Column 3, lines 32 - 38), in order to send messages addressed to the server machine, 
said messages passing from the client network to the server network through a network 
layer of a gateway machine (Column 5, lines 55 - 64), characterized in that it 
comprises: 

creating a second port in the gateway machine; 

ordering the network layer of the gateway machine to reroute to the second port 
any message sent to the first port, addressed to the server machine; 

listening to the second port to detect a request to establish said first connection 

and; 

generating, in the gateway machine, a thread for establishing said first 
connection when a request to establish said first connection is detected in the second 
port (Column 5, lines 53 - 67; Column 6, lines 6-9, where the gateway server 
inherently contains a port and listens to the port in order to receive messages from the 
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client destined for the server application, and routes those messages to the specified 
port if the security level is correct). 

Regarding claim 8, Winiger teaches a method according to claim 7, further 
comprising: 

defining a third port of the server application for receiving at least one of the 
messages with a second security level (Column 4, line 67 - Column 5, line 4); and 
whereas said thread comprises: 

establishing said first connection in a first phase with a first security level in a first 
interface associated with the second port and with said request; 

establishing in a second phase a second connection with a second level of 
security in a second interface to the third port in the server machine (Column 4, line 67 
- Column 5, line 6, where the system allows a new connection to open and request a 
socket of the server application, if the socket is open it allows a new connection to be 
made at a specified security level, which can be different then a previously opened 
socket or port which is operating at a completely separate security layer or label); 

writing with the second security level in the second interface any message read 
in the first interface with the first security level in a third phase, and; 

writing with the first security level in the first interface any message read in the 
second interlace with the second security level in a fourth phase (Column 5, lines 10 - 
14; Column 4, lines 44 - 51 where when the system opens a socket at a certain security 
level it responses with the response that contains the identification of the security level 
in the response header). 
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Regarding claim 9, Winiger teaches a method according to claim 8, 
characterized in that it comprises: ordering the network layer of the gateway machine to 
delete any message sent to the third port (Column 6, lines 6 - 9). 

Regarding claims 10 and 11, Winiger teaches a method according to claims 7 
and 8, characterized in that the steps of creating and ordering are executed 
automatically by a first process of the gateway machine and in that said first process 
generates a second process that executes the third and the fourth step (Column 5, lines 
1-14, where system first opens the ports and the second process waits to see if the 
port gets opened then does the third and fourth steps). 

Regarding claims 12 and 13, Winiger teaches a method according to claims 10 
and 1 1 , further comprising automatically executing the steps of creating, rerouting and 
deleting by a first process of the gateway machine and generating by said first process 
a second process that executes the steps of listening and generating a thread (Column 
5, lines 64 - 67, where the gateways system receives incoming and sends outgoing 
messages, listening and generating, but must go to the security inspection a separate 
process to check the authorization and whether the packet should be dropped or 
modified or rerouted, as seen in Column 9, lines 25 - 35). 

Regarding claim 13, Winiger teaches a method for allowing a client application 
to establish in a client network a first connection having a first security level, directly with 
a first port of a server application hosted in a server machine linked to a server network 
(Column 3, lines 32 - 38), in order to send messages addressed to the server machine, 
said messages passing from the client network to the server network through a network 
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layer of a gateway machine (Column 5, lines 55 - 64), characterized in that it consists of 
activating, in the gateway machine, a secure application proxy that reroutes the 
messages from the first connection, in a way that is transparent for the client 
application, in order to establish a second connection having a second security level 
with the server application, said second connection being unknown to said client 
application (Column 4, line 67 - Column 5, line 6, where the system allows a new 
connection to open and request a socket of the server application, if the socket is open 
it allows a new connection to be made at a specified security level, which can be 
different then a previously opened socket or port which is operating at a completely 
separate security layer or label). 

Prior Art 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U. S. Patent No. 6785281 issued to Kanemaki, because it discloses switching a 
communication to a special port. 

U. S. Patent No. 6473406 issued to Coile, because it discloses a security proxy 
that checks port numbers. 

U. S. Patent No. 5968176 issued to Nessett, because it discloses a firewall that 
has multiple security layers. 

U. S. Patent No. 5898830 issued to Wesinger, because it discloses firewalls that 
open and secure ports. 
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U. S. Patent No. 5983350 issued to Minear, because it discloses a firewall that 
opens new connections based on security layers. 

U. S. Patent No. 6134591 issued to Nickles, because it discloses a system that 
has a gateway port, a server port and a new more secure port of the server application. 

U. S. Patent No. 6003084 issued to Green, because it discloses a system that 
has a gateway service that listens for client and server communications and checks 
security based on addressed ports. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Kevin Bates whose telephone number is (571) 272- 
3980. The examiner can normally be reached on 8 am - 4:30 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Saleh Najjar can be reached on (571) 272-4006. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 
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